Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

栏目: IT技术 · 发布时间: 4年前

内容简介:Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more.Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view

Several high-severity flaws in Nvidia’s GPU display drivers for Windows users could lead to code-execution, DoS and more.

Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Attackers can exploit the vulnerabilities to view sensitive data, gain escalated privileges or launch denial-of-service (DoS) attacks in impacted Windows gaming devices.

Nvidia’s graphics driver (also known as the GPU Display Driver) for Windows is used in devices targeted to enthusiast gamers; it’s the software component that enables the device’s operating system and programs to use its high-level, gaming-optimized graphics hardware.

One of the vulnerabilities, CVE-2020-5962, exists in the Nvidia Control Panel component, which provides control of the graphics driver settings as well as other utilities installed on the system. The flaw could allow an attacker with local system access to corrupt a system file, which may lead to DoS or escalation of privileges, according to Nvidia’s Wednesday security advisory.

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Another vulnerability (CVE‑2020‑5963) exists in the CUDA Driver, a computing platform and programming model invented by Nvidia. The issue stems from improper access control in the driver’s Inter Process Communication APIs. It could lead to lead to code execution, DoS or information disclosure.

The display driver also contains four medium-severity flaws, existing in the service host component (CVE‑2020‑5964), the DirectX 11 user mode driver (CVE‑2020‑5965), the the kernel mode layer (CVE‑2020‑5966) and the UVM driver (CVE‑2020‑5967).

Various drivers are affected for Windows and Linux users, including ones that use Nvidia’s GeForce, Quadro and Tesla software. A full list of affected – and updated – versions are below.

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs

Nvidia also stomped out four high-severity flaws in its Virtual GPU (vGPU) manager, its tool that enables multiple virtual machines to have simultaneous, direct access to a single physical GPU, while also using Nvidia graphics drivers deployed on non-virtualized operating systems.

In this case, the software does not restrict (or incorrectly restricts) operations within the boundaries of a resource that could be accessed by using an index or pointer, such as memory or files. That may lead to code execution, DoS, escalation of privileges or information disclosure (CVE‑2020‑5968), warned Nvidia.

Another flaw stems from the vGPU plugin validating shared resources before using them, creating a race condition which may lead to DoS or information disclosure (CVE‑2020‑5969). And in another glitch, input data size is not validated in the vGPU plugin, which may lead to tampering or denial of service (CVE‑2020‑5970).

The final vGPU flaw (CVE‑2020‑5971) stems from the software reading from a buffer by using buffer access mechanisms (such as indexes or pointers) that reference memory locations after the targeted buffer. This could lead to code execution, DoS, escalated privileges, or information disclosure.

It’s only the latest slew of patches that Nvidia has issued. Earlier in March, the company fixed several high-severity vulnerabilities in its graphics driver, which can be exploited by a local attacker to launch DoS or code-execution attacks. Last year, Nvidia issued fixes forhigh-severity flawsin two popular gaming products, including its graphics driver for Windows and GeForce Experience. The flaws could be exploited to launch an array of malicious attacks – from DoS to escalation of privileges. Also in 2019, Nvidia patchedanother high-severity vulnerability in its GeForce Experience software, which could lead to code-execution or DoS of products, if exploited.


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

结构化计算机组成

结构化计算机组成

Andrew S.Tanenbaum / 刘卫东 / 机械工业出版社 / 2001-10-1 / 46.00

AndrewcS.Tanenbaum获得过美国麻省理工学院的理学学士学位和加利福尼亚大学伯克利分校的哲学博士学位,目前是荷兰阿姆斯特丹Vrije大学计算机科学系的教授,并领导着一个计算机系统的研究小组.同时,他还是一所计算与图像处理学院的院长,这是由几所大学合作成立的研究生院.尽管社会工作很多,但他并没有中断学术研究. 多年来,他在编译技术.操作系统.网络及局域分布式系统方面进行了大量的一起来看看 《结构化计算机组成》 这本书的介绍吧!

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

URL 编码/解码
URL 编码/解码

URL 编码/解码

MD5 加密
MD5 加密

MD5 加密工具